[syslog-ng] [Bug 88] New: rewrite FACILITY does not work.
bugzilla at bugzilla.balabit.com
bugzilla at bugzilla.balabit.com
Wed Jun 23 01:10:27 CEST 2010
https://bugzilla.balabit.com/show_bug.cgi?id=88
Summary: rewrite FACILITY does not work.
Product: syslog-ng
Version: 3.0.x
Platform: PC
OS/Version: Windows
Status: NEW
Severity: normal
Priority: unspecified
Component: syslog-ng
AssignedTo: bazsi at balabit.hu
ReportedBy: alex-pub.balabit at reflexion.net
Type of the Report: ---
Estimated Hours: 0.0
Here is the fragment of my syslog-ng.conf file that demonstrates the problem
source remote_sys {
tcp(
ip( "0.0.0.0" )
port( 514 )
max-connections( 1152 )
);
udp(
ip( "0.0.0.0" )
port( 514 )
);
};
destination d_remote_consolidated_log {
file(
"/var/log/remote/$FACILITY/$FACILITY.log"
create_dirs( yes )
perm( 0644 )
dir_perm( 0755 )
template( "$R_ISODATE $HOST -$LEVEL- $PROGRAM[$PID]: $MSGONLY\n" )
frac_digits( 6 )
template_escape( no )
);
};
filter f_apache {
facility( local1 );
};
rewrite r_rewrite_apache_facility {
set("apache" value("FACILITY"));
};
log {
source( remote_sys );
filter( f_apache );
rewrite( r_rewrite_apache_facility );
destination( d_remote_consolidated_log );
flags( final );
};
If I issue the following command from the host connected to this syslog-ng server:
$ echo this is apache log test | logger -t apache-test -p local1.info
Then the output is sent to "/var/log/remote/local1/local1.log" instead of expected
"/var/log/remote/apache/apache.log".
Also, if I include $FACILITY into the destination template it prints "local1"
If I run syslog-ng with -d flag I see this in output:
>>Rewrite expression evaluation result; value='FACILITY', new_value='apache'
Below is a full log for this test
>>Incoming log entry; line='<142>Jun 22 17:36:11 host-1 apache-test: this is a test 2'
>>Filter rule evaluation begins; filter_rule='f_filter1'
>>Filter node evaluation result; filter_result='not-match', filter_type='facility'
>>Filter rule evaluation result; filter_result='not-match', filter_rule='f_filter1'
>>Filter rule evaluation begins; filter_rule='f_filter2'
>>Filter node evaluation result; filter_result='not-match', filter_type='facility'
>>Filter rule evaluation result; filter_result='not-match', filter_rule='f_filter2'
>>Filter rule evaluation begins; filter_rule='f_apache'
>>Filter node evaluation result; filter_result='match', filter_type='facility'
>>Filter rule evaluation result; filter_result='match', filter_rule='f_apache'
>>Rewrite expression evaluation result; value='FACILITY', new_value='apache'
So this makes me believe that rewrite does happen, but the value is not picked up later.
BTW, the documentation for `set` command says that there should be a comma between "apache" and value, but other samples do not put it there.
I've tried it both ways to no avail.
--
Configure bugmail: https://bugzilla.balabit.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the syslog-ng
mailing list